
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-105-g750aaed


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-105-g750aaed
Date: Fri, 17 Jun 2011 18:39:37 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=750aaed6ffc8d29441f9f6d8870e2c8f4787c329

The branch, master has been updated
       via  750aaed6ffc8d29441f9f6d8870e2c8f4787c329 (commit)
       via  3da801fa9301088a7bdc470e8f2a40f14199fdee (commit)
      from  27a424cf6668b61c8c92ed88d5331b3010be3374 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 750aaed6ffc8d29441f9f6d8870e2c8f4787c329
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jun 17 20:38:34 2011 +0200

    Limit the number of attempts with the same PIN, to avoid attempting again 
and again with a wrong PIN.

commit 3da801fa9301088a7bdc470e8f2a40f14199fdee
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jun 17 20:31:58 2011 +0200

    When writing an object with CKA_TRUSTED set CKA_PRIVATE explicitly to 
FALSE, to allow the SO to write it. Reported by Rickard Bellgrim.

-----------------------------------------------------------------------

Summary of changes:
 lib/pkcs11_write.c |    9 ++++++++-
 src/p11common.c    |    7 +++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 15ed132..3083faf 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -54,11 +54,12 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
   size_t der_size, id_size;
   opaque *der = NULL;
   opaque id[20];
-  struct ck_attribute a[10];
+  struct ck_attribute a[16];
   ck_object_class_t class = CKO_CERTIFICATE;
   ck_certificate_type_t type = CKC_X_509;
   ck_object_handle_t obj;
   ck_bool_t tval = 1;
+  ck_bool_t fval = 0;
   int a_val;
   gnutls_datum_t subject = { NULL, 0 };
 
@@ -142,6 +143,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
   a[a_val].value_len = subject.size;
   a_val++;
 
+
   if (label)
     {
       a[a_val].type = CKA_LABEL;
@@ -156,6 +158,11 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
       a[a_val].value = &tval;
       a[a_val].value_len = sizeof (tval);
       a_val++;
+
+      a[a_val].type = CKA_PRIVATE;
+      a[a_val].value = &fval;
+      a[a_val].value_len = sizeof(fval);
+      a_val++;
     }
 
   rv = pkcs11_create_object (module, pks, a, a_val, &obj);
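Review bot: The new CKA_PRIVATE attribute in the trusted branch carries no comment explaining why it is forced to FALSE; the reason lives only in the commit message. A line such as `/* trusted objects are written by the SO; mark them non-private so the SO can write them */` above `a[a_val].type = CKA_PRIVATE;` would keep a later reader from dropping it as redundant. `sizeof(fval)` also departs from the `sizeof (tval)` spacing used three lines earlier. The body of gnutls_pkcs11_copy_x509_crt starts and ends outside this hunk.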
diff --git a/src/p11common.c b/src/p11common.c
index c866a52..1ef7c9c 100644
--- a/src/p11common.c
+++ b/src/p11common.c
@@ -30,6 +30,7 @@
 
 #define MIN(x,y) ((x)<(y))?(x):(y)
 
+#define MAX_CACHE_TRIES 5
 static int
 pin_callback (void *user, int attempt, const char *token_url,
               const char *token_label, unsigned int flags, char *pin,
@@ -37,7 +38,7 @@ pin_callback (void *user, int attempt, const char *token_url,
 {
   const char *password;
   const char * desc;
-  int len, cache = 1;
+  int len, cache = MAX_CACHE_TRIES;
 /* allow caching of PIN */
   static char *cached_url = NULL;
   static char cached_pin[32] = "";
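Review bot: `cache` is declared here as an ordinary automatic variable (`int len, cache = MAX_CACHE_TRIES;`), unlike the `static` `cached_url` and `cached_pin` beside it, so it is set back to MAX_CACHE_TRIES on every call to pin_callback. The `cache--` added in the `@@ -69,6 +70,7 @@` hunk is therefore lost at `return 0`, and the `cache = MAX_CACHE_TRIES;` reset in the last hunk is a dead store. As a result the limit on reusing the cached PIN is never enforced, and a wrong cached PIN can still be handed back on every call, which is the token-lockout risk the commit set out to avoid. Giving the counter static storage fixes it: `int len;` followed by `static int cache = MAX_CACHE_TRIES;`. The lines between this hunk and the next are not visible, so any other assignment to `cache` there should be re-checked once the counter persists across calls.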
@@ -58,7 +59,7 @@ pin_callback (void *user, int attempt, const char *token_url,
       printf ("*** Only few tries left before locking!\n");
     }
     
-  if (cache == 1 && cached_url != NULL)
+  if (cache > 0 && cached_url != NULL)
     {
       if (strcmp (cached_url, token_url) == 0)
         {
@@ -69,6 +70,7 @@ pin_callback (void *user, int attempt, const char *token_url,
             }
 
           strcpy (pin, cached_pin);
+          cache--;
           return 0;
         }
     }
@@ -91,6 +93,7 @@ pin_callback (void *user, int attempt, const char *token_url,
   strcpy (cached_pin, pin);
   free (cached_url);
   cached_url = strdup (token_url);
+  cache = MAX_CACHE_TRIES;
 
   return 0;
 }


hooks/post-receive
-- 
GNU gnutls


